PoC Exploit Released for DoS Vulnerability in OpenSSL

2020-05-05 08:59

A proof-of-concept exploit has been made public for a recently patched vulnerability in OpenSSL that can be exploited for denial-of-service attacks.

OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f are affected by a high-severity vulnerability that has been described as a segmentation fault in the SSl check chain function.

Security researcher Imre Rad has published a PoC exploit for the vulnerability, along with a description of the exploitation process.

CVE-2020-1967 was the first vulnerability patched in OpenSSL in 2020.

As SecurityWeek reported a few months ago, OpenSSL security has evolved since the disclosure of the Heartbleed vulnerability back in 2014.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/1_TH5Ik-Z0o/poc-exploit-released-dos-vulnerability-openssl

#DOS #exploit #openssl #POC #vulnerability #CVE-2020-1967

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-21	CVE-2020-1967	NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. network low complexity openssl debian freebsd fedoraproject oracle netapp broadcom opensuse jdedwards tenable CWE-476	7.5

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Openssl		2	12	92	51	16	171

News URL

Related news

Related Vulnerability

Related vendor